With this blog I intend to give you my perspective about various technology related stuff. I've remained a layman for a long time, so I hereby give you a very simple view of how things look to me and how to implement new ideas in a simple manner

Tuesday, May 19, 2009

I'm sure all of us would have heard about public key cryptography. Here I would like to propose a new idea which I suppose would enhance public key cryptography. This paper is no mumbo-jumbo. Its very simple and surprising. Please have a look and let me know...

AI'm sure all of us would have heard about public key cryptography. Here I would like to propose a new idea which I suppose would enhance public key cryptography. This paper is no mumbo-jumbo. Its very simple and surprising. Please have a look and let me know...

DefinitionsCipher - a cryptographic algorithm used to encrypt and decrypt filesand messages.Ciphertext - the disguised (or encrypted) file or message.Code - the usage of characters or words to represent words,sentences, or ideas. Morse code is a common example, wherecombinations of dots and dashes represent letters and numbers.Cryptanalysis - the art of breaking cryptosystems. The process oflooking for errors or weaknesses in the implementation of analgorithm or of the algorithm itself.Cryptography - the art of creating and using cryptosystems.Cryptology - the study of both cryptography and cryptanalysis.Cryptosystem - the entire process of using cryptography. Thisincludes the actions of encrypting and decrypting a file or message, orauthenticating the sender of an e-mail message.Key - a collection of bits,usually stored in a file, which is used to encrypt or decrypt a message.Plaintext - the original message or file. After a file or message has been encrypted and then decrypted you should end up with the original file or message.Private Key - the secret key of a public-private key cryptography system. This key is used to "sign" outgoing messages, and is used to decrypt incoming messages.Public Key - the public key of a public-private key cryptography system. This key is used to confirm "signatures" on incoming messages or to encrypt a file or message so that only the holder of the private key can decrypt the file or message.Public-private Key Cryptography System - a cryptography system that uses two different keys to lock and unlock (encrypt and decrypt) messages and files. The two keys are mathematically linked together. An individual's public key is distributed to other users and is used to encrypt messages to the individual. The individual keeps the private key secret and uses it to decrypt messages sent with the public key.

Enhanced public key cryptography : A propositionWe have seen that even a public key system with n users would need 2*n number of keys to be stored. It may not seem very large for small systems. But as the value of n increases the size of the database also grows. This in fact slows down the system. Efficiency of the system decreases. As we have already discussed our concern is to further reduce the size of the data base. The basic idea is that we don't need to store the private key into the database. We would rather express the private key as a function of the public key. Private key = f (Public key) The first time a user registers to the system , the user is asked to enter his desired user name. Once he enters a user name (that doesn't exist already) , the system supplies him with a password. This password cannot be changed by the user in future. The password or rather the private key is calculate as a function of the public key. The function maybe tosimply add the ASCII values of characters used in the public key and then give the result of computation as the private key or password. So each time a user wants to login,he is required to enter his user name and password. The system calculates the original password for the user name as f(user name). Then the system checks whether f(user name),and the entered password matches. If they match the user can connect to the system. Otherwise he is not allowed to connect. So the basic idea is to calculate the real password from the user name applying the function and then match it with the password entered by the user. The advantage here is that for n users we need to store only n entries of use names. No password is stored.However there is one serious disadvantage for this system. If a cryptanalyst gets a number of combinations of the user names and passwords he may succeed in finding the transformation performed by the function 'f(user name)'. If that happens he will be able to get the passwords for each and every user. Then the system fails completely. To avoid such a failure what we do is that we use a number offunctions rather than a single function. So the cryptanalyst can't find any similarity in the way the passwords are generated . The function used to calculate the password for a user depends on the position of the user name in the database. We shall consider an example. Suppose there are n users already registered in the database and there are m distinct functions available in the system to calculate thevalue of the password from the user name. A new user wants to register to the system. The desired user name is 'abcn1'. Then the system writes his user name at the end of the database. So position of the new user will be n+1. We then calculate the (n+1)th number in the Fibonacci series. Say the number is p. We perform p%m ( where m is the number of functions the system uses to calculate the passwordsfrom the user name). We know that 0 <= p%m <> EPKC vs PCKPCK uses the inefficient linear search for retrieving the username and password(ie the public and private keys of a user). Linear search efficieny is O(n). So this is considered inefficient. Sometimes its possible to use binary search to improve the search times. But then, sorting must be done during insertion. This is a tedious process. This will lead to greater insertion times. Thus still inefficient.Now lets see about the proposed EPCK. Here search (or rather calculation )is done via a hashing. Once the key pairs are entered by the user to login, the system can use a hashing process to retrieve the function to calculate the private key. Then this function can map the public key to the private key in a unique way. It's well known that hashing process has a search time of O(1). There are some additional processes done before and after hashing. Considering all these processes we can sum up that EPCK search times is by all means comparable to PCK. In terms of space efficiency PCK is far behind EPCK. PCK is 50%(nearly) more space efficient. This is because in EPCK we don't store the private key of the users. And in terms of security domain. In PCK we would need to secure the database using strong firewalls. This means additional cost. Still it's not possible to be sure of 100% security. In the age of systems like the bruteforce we cant rely on any security providers. EPCK since theydon't need to store any private key don't need any protection to the database. Maybe a small amount of write protection can be done. Thus EPCK is more space efficient than PCK. Also its less expensive than PCK.

This is a picture of an EPCK database.

The proposed system requires lesser memory space(half the memory space) compared to public key systems without compromising the security of the system. Thus the efficiency of the communication system will improve tremendously,without sacrificing the security of the system.

2 comments:

This article is really very helpful for me. I learn so much from it. You have explained so many concepts which are directly related to this process. Thank you so much for this awesome detail.public key infrastructure